HardenedBSD/contrib/opie/opiepasswd.1
Andrey A. Chernov e9fcc517e1 Merge
1997-09-29 10:33:14 +00:00

177 lines
4.3 KiB
Groff

.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
.\"
.\" %%% portions-copyright-cmetz-96
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
.\" Reserved. The Inner Net License Version 2 applies to these portions of
.\" the software.
.\" You should have received a copy of the license with this software. If
.\" you didn't get a copy, you may request one from <license@inner.net>.
.\"
.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
.\" License Agreement applies to this software.
.\"
.\" History:
.\"
.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
.\" Updated console example.
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
.\" Modified at NRL for OPIE 2.0.
.\" Written at Bellcore for the S/Key Version 1 software distribution
.\" (keyinit.1).
.\"
.ll 6i
.pl 10.5i
.lt 6.0i
.TH OPIEPASSWD 1 "January 10, 1995"
.AT 3
.SH NAME
opiepasswd \- Change or set a user's password for the OPIE authentication
system.
.SH SYNOPSIS
.B opiepasswd
[\-v] [\-h] [\-c|\-d] [\-f]
.sp 0
[\-n
.I inital_sequence_number
]
[\-s
.I seed
] [
.I user_name
]
.SH DESCRIPTION
.I opiepasswd
will initialize the system information to allow one to use OPIE to login.
.I opiepasswd
is downward compatible with the keyinit(1) program from the
Bellcore S/Key Version 1 distribution.
.SH OPTIONS
.TP
.TP
.B \-v
Display the version number and compile-time options, then exit.
.TP
.B \-h
Display a brief help message and exit.
.TP
.B \-c
Set console mode where the user is expected to have secure access to the
system. In console mode, you will be asked to input your password directly
instead of having to use an OPIE calculator. If you do not have secure access
to the system (i.e., you are not on the system's console), you are
volunteering your password to attackers by using this mode.
.TP
.B \-d
Disable OTP logins to the specified account.
.TP
.B \-f
Force
.I opiepasswd
to continue, even where it normally shouldn't. This is currently used to
force opiepasswd to operate in "console" mode even from terminals it believes
to be insecure. It can also allow users to disclose their secret pass phrases
to attackers. Use of the -f flag may be disabled by compile-time option in
your particular build of OPIE.
.TP
.B \-n
Manually specify the initial sequence number. The default is 499.
.TP
.B \-s
Specify a non-random seed. The default is to generate a "random" seed using
the first two characters of the host name and five pseudo-random digits.
.SH EXAMPLE
Using
.I opiepasswd
from the console:
.LP
.sp 0
wintermute$ opiepasswd \-c
.sp 0
Updating kebe:
.sp 0
Reminder \- Only use this method from the console; NEVER from remote. If you
.sp 0
are using telnet, xterm, or a dial\-in, type ^C now or exit with no password.
.sp 0
Then run opiepasswd without the \-c parameter.
.sp 0
Using MD5 to compute responses.
.sp 0
Enter old secret pass phrase:
.sp 0
Enter new secret pass phrase:
.sp 0
Again new secret pass phrase:
.sp 0
.sp 0
ID kebe OPIE key is 499 be93564
.sp 0
CITE JAN GORY BELA GET ABED
.sp 0
wintermute$
.LP
Using
.I opiepasswd
from remote:
.LP
.sp 0
wintermute$ opiepasswd
.sp 0
Updating kebe:
.sp 0
Reminder: You need the response from your OPIE calculator.
.sp 0
Old secret password:
.sp 0
otp-md5 482 wi93563
.sp 0
Response: FIRM BERN THEE DUCK MANN AWAY
.sp 0
New secret password:
.sp 0
otp-md5 499 wi93564
.sp 0
Response: SKY FAN BUG HUFF GUS BEAT
.sp 0
.sp 0
ID kebe OPIE key is 499 wi93564
.sp 0
SKY FAN BUG HUFF GUS BEAT
.sp 0
wintermute$
.LP
.SH FILES
.TP
/etc/opiekeys -- database of key information for the OPIE system.
.SH SEE ALSO
.BR ftpd (8),
.BR login (1),
.BR passwd (1),
.BR opie (4),
.BR opiekey (1),
.BR opieinfo (1),
.BR su (1),
.BR opiekeys (5),
.BR opieaccess (5)
.SH AUTHOR
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
Craig Metz.
S/Key is a trademark of Bell Communications Research (Bellcore).
.SH CONTACT
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
send an email request to:
.sp
skey-users-request@thumper.bellcore.com